mpsmith Posted January 3, 2005 Share Posted January 3, 2005 Im creating an automated CD for use at my office, and being a federal network it requires a security template. I searched the forums and couldnt find anything on when to use them, but I was just testing my CD and windows stopped installing at T-12min. I think this may be because it applied the template, but Im not sure/cant check since it stopped the installation. It didnt freeze... it just stopped. Does anyone know if this [may have] caused the problem? If so, does anyone know when a good time to apply the template? Thanks. Link to comment Share on other sites More sharing options...
Yzöwl Posted January 3, 2005 Share Posted January 3, 2005 What method are you using to deploy the template?Without more information I think it's going to be difficult for anyonr to come up with a reason. Link to comment Share on other sites More sharing options...
mpsmith Posted January 3, 2005 Author Share Posted January 3, 2005 Good point.Im using runonceex. The template is the last command executed:secedit.exe /configure /cfg %CDROM%\USGS\install\security\usgs_sec_xp_091104.STIG.inf /db c:\windows\security\database\usgs_sec_wxpws.sdb /overwrite /log c:\windows\security\usgs_sec_wxpws.log Link to comment Share on other sites More sharing options...
Yzöwl Posted January 3, 2005 Share Posted January 3, 2005 If using a runonceex.cmd, mine would probably look something like this:REG ADD %KEY%\075 /VE /D "Applying Security Template" /fREG ADD %KEY%\075 /V 1 /D "%SystemRoot%\system32\cmd /c copy \"\"%SystemRoot%\security\Database\secedit.sdb\"\" \"\"%SystemRoot%\security\Database\WinXPPro.sdb\"\"" /fREG ADD %KEY%\075 /V 2 /D "%SystemRoot%\system32\cmd /c copy \"\"%SystemDrive%\install\Security\WinXPPro.inf\"\" \"\"%SystemRoot%\security\templates\\"\"" /fREG ADD %KEY%\075 /V 3 /D "%SystemRoot%\system32\secedit /configure /db \"\"%SystemRoot%\security\Database\WinXPPro.sdb\"\" /cfg \"\"%SystemRoot%\security\templates\WinXPPro.inf\"\" /overwrite /log \"\"%SystemRoot%\Temp\securcfg.log\"\" /quiet" /fAs you can see, it's very messy, it's only supposed to be on four lines, and very easy to get wrong due to all the quotation marks.My method would be to copy the existing secedit.sdb file to a new WinXPPro.sdb, then copy my own WinXPPro.inf, then run the SECEDIT over the two.Hope this helps you out. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now